← Retour aux CVEs
CVE-2019-19356
HIGHCISA KEV7.5
Description
Netis WF2419 is vulnerable to authenticated Remote Code Execution (RCE) as root through the router Web management page. The vulnerability has been found in firmware version V1.2.31805 and V2.2.36123. After one is connected to this page, it is possible to execute system commands as root through the tracert diagnostic tool because of lack of user input sanitizing.
Details CVE
Score CVSS v3.17.5
SeveriteHIGH
Vecteur CVSSCVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteHIGH
Privileges requisLOW
Interaction utilisateurNONE
Publie2/7/2020
Derniere modification11/7/2025
Sourcekev
Observations honeypot0
CISA KEV
FournisseurNetis
ProduitWF2419 Devices
Nom vulnerabiliteNetis WF2419 Devices Remote Code Execution Vulnerability
Date ajout KEV2021-11-03
Date limite remediation2022-05-03
Utilise dans ransomwareUnknown
Produits affectes
netis-systems:wf2419netis-systems:wf2419_firmware
Faiblesses (CWE)
CWE-78CWE-78
References
http://packetstormsecurity.com/files/156588/Netis-WF2419-2.2.36123-Remote-Code-Execution.html(cve@mitre.org)
https://github.com/shadowgatt/CVE-2019-19356(cve@mitre.org)
https://www.digital.security/en/blog/netis-routers-remote-code-execution-cve-2019-19356(cve@mitre.org)
http://packetstormsecurity.com/files/156588/Netis-WF2419-2.2.36123-Remote-Code-Execution.html(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/shadowgatt/CVE-2019-19356(af854a3a-2127-422b-91ae-364da2661108)
https://www.digital.security/en/blog/netis-routers-remote-code-execution-cve-2019-19356(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-19356(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.